A question that we often get asked is “how do I get started with a CISO-for-Hire or CPO as a Service?” We have developed an onboarding technique to bring new clients into the various Secratic services, be it to help with security or privacy discussions, or both.
As most leaders new to a role would agree, the right way to begin is by listening and understanding. The best way for us to get to know a new Secratic client is to spend time listening to the people who have input on security and privacy from your product, technology, legal, compliance, and leadership teams. Each of them is encouraged to share their thoughts on ways to improve, and on known or suspected gaps. This happens through interviews, but not in the usual question-and-answer format; the conversations are more organic and adaptive than you would see in a traditional consulting engagement or audit. They also focus on the intersection of business and security/privacy rather than purely on whether all the necessary ticks are in all the right boxes.
A critical differentiator of Secratic’s approach is that we also look at the business as a whole, including the culture of the company and its employees. We look at those driving the company’s direction, at interactions with partners and suppliers, and at the risk potential and likelihood as perceived both by business leaders and by the market you operate in. Together, these viewpoints give Secratic the same understanding of your company that a full-time CISO or CPO would build in their first few months.
After two to four weeks of interviews, either in person or via video or telephone, Secratic brings back a set of risks and challenges in your security or privacy program and calls out the most critical things to do to begin advancing the program. We also include strategic recommendations for addressing the risks in the context of the business as a whole, as understood during the first-phase listening sessions. If you have specific areas of concern for us to focus on in this phase, we can focus only on those or give you a full-breadth set of recommendations.
Now, with actionable items in your hands, the ongoing portion of Secratic’s offering can take over: the CISO-as-a-Service (or CPO-as-a-Service, if privacy is your need). In this mode, your company has access to an experienced CISO or CPO who draws on the information gathered during the listening phase to give contextually accurate and informed replies to queries from your technology or security teams, product managers, or business leaders. Secratic uses secure chat messaging with your groups to provide synchronous, private access to your Secratic CISO or CPO. This model mimics the way an on-staff CISO or CPO gives informed and timely responses to questions and direction on situations or incidents.
Your Secratic CISO or CPO will be most successful by staying up-to-date on your company’s business and operations, customer requirements, market changes or other items that may affect the risk, security posture, or compliance recommendations given to your company by Secratic. Quarterly, we will schedule a security/business update discussion to ensure we continue to provide security and privacy insights that are accurate for your business.
This model emulates the way full-time CISOs and CPOs work with their respective businesses, but does so at a scale, pace and cost that suits your company, and can expand to meet your ongoing needs for both security and privacy advice and insights as you grow.
If you would like more information about Secratic’s CISO-as-a-Service or Chief Privacy Officer-as-a-Service offering, or to begin the process of bringing one of us into your company, please email [email protected] or visit the Contact Us page on our website (https://secratic.com/contact-us).